A user of Apple's Safari, the default web browser of every Mac and iOS product, is suing Google Inc. after it came to light that the world's largest internet company had implemented a tracking system that allegedly violates federal wiretapping and privacy laws.

Attorneys for Matthew Soble filed the complaint on Tuesday in Delaware's federal court, and are seeking class-action status for the suit which asserts that Google knowingly sidestepped certain Safari privacy settings in order to track users' web activities, reports Bloomberg.

The issue was brought to the fore when The Wall Street Journal reported that Google had instituted code that bypassed standard Safari privacy settings and allowed the company to insert advertising cookies on an affected device.

Unlike most popular browsers, Apple's Safari is set by default to blocks cookies, or small bits of code that are meant to identify users when they return to a previously visited site. However, cookies can also afford websites to track users' movements when surfing the internet, though Google claims that its code did not execute any such function.

Cookies can be activated in Safari if a user gives permission by either clicking a pop-up window asking to allow for cookie storage or by purposely interacting with certain website features.

Safari settings menu regarding cookie handling.

In order to get around the privacy settings, Google's DoubleClick ad serving platform reportedly exploited a Safari "loophole" that "tricked" the browser into thinking that a user was purposely interacting with an ad by automatically sending an invisible form. Safari subsequently allowed the installation of a temporary cookie as if the user purposely affirmed the procedure.

Ads on 22 of the 100 most-visited websites, as ranked by Quantcast, implemented the DoubleClick workaround.

Google denies any wrongdoing and stated: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

After being contacted by WSJ, the internet search engine immediately disabled the code and later removed information from a company site noting that users can rely on Safari's default settings to prevent Google tracking.

Other advertising companies also use the technique, such as Vibrant Media, which implements the "workaround" to "make Safari work like all the other browsers."

The recent events have brought privacy rights into question and caught the eye of advocacy group Consumer Watchdog, which sent a letter to the Federal Trade Commission asking that action be taken against the Mountain View, Calif., company.

“Safari users with the browser set to block third-party cookies thought they were not being tracked,” said Consumer Watchdog Privacy Project Director John Simpson. “Nonetheless, because of an element invisible to the user, but designed to mimic a form, DoubleClick was able to set tracking cookies in an obvious violation of the set preference.”

Going further, lawmakers are also looking into the Safari case, with West Virginia Senator John D. Rockefeller IV saying that he intends to determine the extent to which Google used the technique to "circumvent consumer choice."

I'm curious why Google didn't do this to Firefox, Opera, and the rest.

In before "Chrome is WebKit and Safari is WebKit2, so Google would know the absolute ins and outs of Safari better than any others and therefore would be able to circumvent its stuff more easily," because I've already thought of that.

I'm curious why Google didn't do this to Firefox, Opera, and the rest.

In before "Chrome is WebKit and Safari is WebKit2, so Google would know the absolute ins and outs of Safari better than any others and therefore would be able to circumvent its stuff more easily," because I've already thought of that.

A little blurb on why you're posting the link would help us know your position, interest facts that would encourage us to click though and perhaps go in with an understanding of where you're coming from should we disagree.

This bot has been removed from circulation due to a malfunctioning morality chip.

Of course it's not a defense. I completely agree. I've told my son and daughter the same more than once.

MS should have taken action two years ago when it was brought to their attention. . .
of course that assumes they thought it was important.

The technique with IE is different from the technique with Safari. In both cases the vendor of the browser is ultimately the one who let it happen. Not saying there may be some legal issues for Google but the browsers left the door open by mistake. In the case of Firefox they left the door open on purpose.

I'm curious why Google didn't do this to Firefox, Opera, and the rest.

In before "Chrome is WebKit and Safari is WebKit2, so Google would know the absolute ins and outs of Safari better than any others and therefore would be able to circumvent its stuff more easily," because I've already thought of that.

A little blurb on why you're posting the link would help us know your position, interest facts that would encourage us to click though and perhaps go in with an understanding of where you're coming from should we disagree.

I thought the link was reasonably balanced, presenting different views, with links to supporting docs. In other words a good reference with additional resources if you're interested in past background articles of the history dealing with the issues mentioned.

A user of Apple's Safari, the default web browser of every Mac and iOS product, is suing Google Inc. after it came to light that the world's largest internet company had implemented a tracking system that allegedly violates federal wiretapping and privacy laws.

Good for him. This stuff needs to stop.

Surfing the web can be downright creepy lately, with ads popping up for some specific/unusual search you did 3 days ago. I saw a news article on some unusual locale, so I looked it up and checked it out. Likely I looked at 3 or 4 different map/tourist/historical/demographic sites. Now I am barraged with ads for vacationing there.

Quote:

Originally Posted by AppleInsider

In order to get around the privacy settings, Google's DoubleClick ad serving platform reportedly exploited a Safari "loophole" that "tricked" the browser into thinking that a user was purposely interacting with an ad by automatically sending an invisible form. Safari subsequently allowed the installation of a temporary cookie as if the user purposely affirmed the procedure.

How stupid is Google? With everyone looking over their shoulder they go and do something like this! This is akin to posing as the "gas man" to gain entry into someone's house to case the place. It doesn't matter if they come back later and steal anything or not. They gained access by posing as something they weren't. That is a serious breach of privacy. True, tracking your website usage isn't nearly as serious as trespassing on someone's property, but it's still dirty-handed.

Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

I thought the link was reasonably balanced, presenting different views, with links to supporting docs. In other words a good reference with additional resources if you're interested in past background articles of the history dealing with the issues mentioned.

I only chose to read it after you replied to TS. Otherwise I didn't have interest. You went to the trouble to post the link give us interest to click it, that's all I'm saying.

Quote:

Originally Posted by ljocampo

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

I've come across that, too. Even things like Disqus comment on Engadget are blocked by Ghostery. I wonder if that's intentional or if they are wrapping these ads and analytics so deep that it breaks parts of the pages if not loaded.

This bot has been removed from circulation due to a malfunctioning morality chip.

It seems that what Google was doing was sneaky, scummy, backhanded and illegal!

And they did it to MS too! Why doesn't Apple and Microsoft join together and sue Google, for illegally exploiting both of their browsers?

And there should definitely be class action suits against Google for their illegal invasion of privacy, like the one mentioned in the OP.

Besides having easy access to malware, I wonder what hidden surprises Android phones come with when somebody either buys one or is given one for free? I wouldn't trust shit that Google says or claim, they'll lie right to your face, while illegally gathering info on you and tracking you. Do the ignorant people who buy junky Android phones which comes with a free OS think that Google is doing it out of the goodness of their heart?

Some ignorant fools and degenerate Fandroids whine and bitch about Apple? Apple is a saint compared to Google.

The technique with IE is different from the technique with Safari. In both cases the vendor of the browser is ultimately the one who let it happen. Not saying there may be some legal issues for Google but the browsers left the door open by mistake. In the case of Firefox they left the door open on purpose.

If you read the Microsoft blog post, you'll note that the behavior of the browsers is in accordance to the standard. Google (and others) are abusing the standard as it is currently written and implemented, plain and simple.

The default is to ignore malformed or unknown requests, this allows for future expandability. Google's P3P line isn't anything close to what they should be telling the browsers. In fact they completely ignore the standard and say so!

Microsoft has had to take a non-standard approach in order to further protect IE 9 users.

Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.

I in general hate tech lawsuits but I did a double take on this one. While you can argue the browser should be smart enough to block this sort of thing, this is Google circumventing a users preference to privacy. It is not a case of Google choosing the most efficient way to deliver content that just so happens to expose a deficiency in the browser. It is blatant.

Quote:

Originally Posted by mjtomlin

How stupid is Google? With everyone looking over their shoulder they go and do something like this! This is akin to posing as the "gas man" to gain entry into someone's house to case the place. It doesn't matter if they come back later and steal anything or not. They gained access by posing as something they weren't. That is a serious breach of privacy. True, tracking your website usage isn't nearly as serious as trespassing on someone's property, but it's still dirty-handed.

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

Suggest you download "Little Snitch", it stops the tracking of any site you don't want tracking you.

If you read the Microsoft blog post, you'll note that the behavior of the browsers is in accordance to the standard. Google (and others) are abusing the standard as it is currently written and implemented, plain and simple.

The default is to ignore malformed or unknown requests, this allows for future expandability. Google's P3P line isn't anything close to what they should be telling the browsers. In fact they completely ignore the standard and say so!

Microsoft has had to take a non-standard approach in order to further protect IE 9 users.

I am the opposite of a Google fan-boy (in fact, I often wonder how there can be such a thing). Excluding search, I find most Google products and services to be a usability nightmare. That being said, I am not so sure that I agree that what Google did in this case is really really blameworthy.

Sure, there is an argument to be made that the "form trick" they pulled constitutes circumvention of Safari's privacy settings, but that argument strikes me as being a bit pedantic. Assuming, arguendo, that Google's statement about this trick serving only to enable features enabled by logged-in Google users, then what, really, is the harm? Ostensibly the only users affected would be those that wanted features enabled that wouldn't have worked without the "hack." Isn't the web full of instances where creative engineering was used to achieve interoperability across a wide variety of devices?

One thing is for certain, Google should dispense with the "Do no evil" bit. They are a corporation seeking to maximize shareholder value - they are governed by various bodies of U.S. and International law, not some holistic and unified sense of morality.

I am perfectly willing to stand corrected on this issue, but I frequently see "troll" posts in this forum by the Apple-haters, and I would like to think that we don't succumb to the same rush to judgment about Google as so-many Android fans have done to us.

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

Quote:

Originally Posted by SolipsismX

I only chose to read it after you replied to TS. Otherwise I didn't have interest. You went to the trouble to post the link give us interest to click it, that's all I'm saying.

I've come across that, too. Even things like Disqus comment on Engadget are blocked by Ghostery. I wonder if that's intentional or if they are wrapping these ads and analytics so deep that it breaks parts of the pages if not loaded.

The only website that I need to turn it off is NFL for their video streaming. The rest work just fine though my list of regular sites may significantly less than both of you.

Google has a horrible privacy rights record. Trying to ween myself off but their search engine is still the best, imo.

That 'mantra' have long gone but it is (almost) the number one reason why people hate Google nowadays - when you connect the dots on what they have been doing with things like this, with their previous 'do no evil' corporate image.

Suggest you download "Little Snitch", it stops the tracking of any site you don't want tracking you.

Just this month Little Snitch started asking me if I really wanted to connect to google.com; saying that it could not verify the site. This came up on EVERY website I visited. I immediately cancelled my gmail account and it stopped.

One thing I haven't read in all the threads about this is, how can we fix it? Is Apple going to fix it? Is there a setting or something we can tweak?

I've manually gone through the cookies on my iMac and weeded them from 2500+ down to about 40 "legitimate" ones.

It makes me very unhappy that after manually deleting a bunch of crap, after an hour of browsing there's another 50 cookies from sites I did not visit - "Block cookies from 3rd parties and advertisers" seems to be completely and utterly broken / useless.

Why is there no option to have it just ask you for every cookie request if you want to allow or not? I'd like to see which sites I visit are playing these scummy games and sideloading cookies.

As much as I am unhappy with Google for deliberately exploiting this flaw, I'm also disappointed in Apple for not fixing the flaw in the first place.

One thing I haven't read in all the threads about this is, how can we fix it? Is Apple going to fix it? Is there a setting or something we can tweak?

I've manually gone through the cookies on my iMac and weeded them from 2500+ down to about 40 "legitimate" ones.

It makes me very unhappy that after manually deleting a bunch of crap, after an hour of browsing there's another 50 cookies from sites I did not visit - "Block cookies from 3rd parties and advertisers" seems to be completely and utterly broken / useless.

Why is there no option to have it just ask you for every cookie request if you want to allow or not? I'd like to see which sites I visit are playing these scummy games and sideloading cookies.

As much as I am unhappy with Google for deliberately exploiting this flaw, I'm also disappointed in Apple for not fixing the flaw in the first place.

It makes me very unhappy that after manually deleting a bunch of crap, after an hour of browsing there's another 50 cookies from sites I did not visit - "Block cookies from 3rd parties and advertisers" seems to be completely and utterly broken / useless.

And you're blaming Apple.

Quote:

Why is there no option to have it just ask you for every cookie request if you want to allow or not? I'd like to see which sites I visit are playing these scummy games and sideloading cookies.

Because who wants to click through twenty dialogue boxes before they get to a site?

If ABSOLUTELY NOTHING else, I would like a "protected cookies" option. Where you tick a box and that cookie is locked so when you go to "remove all", those aren't removed.

Quote:

As much as I am unhappy with Google for deliberately exploiting this flaw, I'm also disappointed in Apple for not fixing the flaw in the first place.

Not quite the same thing at all. Unlike Google, Apple was not the one who was collecting and gathering any data. If that PATH social network did it or if any other apps did it, then that was something that should clearly not be allowed. Unlike Google, Apple is not a shitty advertising company that relies on ads and deceiving users for their income.

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," the statement says. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

It seems that what Google was doing was sneaky, scummy, backhanded and illegal!

And they did it to MS too! Why doesn't Apple and Microsoft join together and sue Google, for illegally exploiting both of their browsers?

And there should definitely be class action suits against Google for their illegal invasion of privacy, like the one mentioned in the OP.

Besides having easy access to malware, I wonder what hidden surprises Android phones come with when somebody either buys one or is given one for free? I wouldn't trust shit that Google says or claim, they'll lie right to your face, while illegally gathering info on you and tracking you. Do the ignorant people who buy junky Android phones which comes with a free OS think that Google is doing it out of the goodness of their heart?

Some ignorant fools and degenerate Fandroids whine and bitch about Apple? Apple is a saint compared to Google.

This is why I personally use a Littlesnitch, it told me about all Google little tricks of phoning home when I did not want them doing it, I have block most of Google's servers especially it analytic data collection servers. What people also do not fully realize if you have a gmail or google account it is able to track you on any and all computer you log into, even if you log out it is still tracking your activities.

The other thing I do when I use google for searching for information I run my connection via proxy server somewhere else in the world. This way they can not track it back to my home location. Face it Google goal in live is to know you better than you know yourself and then share that information with anyone who is willing to pay for. Most all of you freely give up your rights when you get free google accounts, you exchange your privacy for free things.